"
winbind privileged pipe permissions (Samba-3.X)
ntlm_auth requires access to the privileged winbind pipe in order to
function properly. You enable this access by changing group of the
winbind_privileged directory to the group you run Squid as
(cache_effective_group setting in squid.conf).
chgrp squid /path/to/winbind_privileged
"
I've added squid group, added user nobody into it and put it in my
squid.conf. But as you can see below, there's only read perms for squid
group, so the error is still there.
4 drwxr-s--- 2 root squid 4096 2005-02-17 14:15 winbindd_privileged
I don't know how the hell this worked for others, since other users from
squid will only have read access to the dir, when they should have
execute permissions too.
Anyways, thanks for the answer.
Paulo Pires
Qui, 2005-02-17 ās 00:40 +0100, Henrik Nordstrom escreveu:
> On Wed, 16 Feb 2005, Paulo Pires wrote:
>
> > chown nobody /usr/local/samba-3.0.10/var/locks/winbindd_privileged
> >
> > This solved the thing. We can't change the perms cause it's a socket, so
> > it's better to change the owner to the user which runs squid.
>
> You should change the group, not the owner..
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
> http://us4.samba.org/samba/docs/man/winbindd.8.html
>
> Changing the owner will make Samba quite upset about the security.
>
> Regards
> Henrik
Received on Thu Feb 17 2005 - 07:51:25 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST